According to a report dated 13 February 2019, Bank of Valletta which accounts for almost half of Malta's banking transactions shut down all of its operations.
In addressing the country's Parliament, the Prime Minister of Malta reportedly said:-
hackers broke into the bank's system, creating false international payments totalling Euros 13 million to banks in Britain, US, Czech Republic and Hong Kong.
the payments has been traced and the bank is now seeking to reverse the transactions
the attack was detected on 13 February 2019 when the bank's staff noticed discrepancies in reconciling the international transactions
the bank immediately shut down its branches, ATM machines and its website
alternative arrangements were made for Maltese who were travelling overseas for their expenses as credit cards issued by the Bank of Valletta were cut off from access after the bank went offline when it shut down its operations
The above scene reminds us of the same action steps that were taken by the Government of Singapore 1 or 2 years ago when the city state was attacked in a cyber attack and the government had to take the unprecedented step of taking all government computers offline. Totally unimaginable for a country that is ranked 3rd in the world as a financial powerhouse, a sector which is highly dependent on the internet for its operations.
Based on the description of the above events, it appears that the Bank of Valletta has a robust Business Continuity Plan (BCP) as it is not easy to put in place all the measures as announced by their Prime Minister to their Parliament - all done within the same day from the time the breach was discovered to tracing and identifying the payments to making alternative arrangements for overseas Maltese whose credit cards were temporarily invalidated.
Organisations should take heed of this and ask themselves this question - is their BCP a 'live' document and how robust is this document? A robust document should have steps to address the chaotic and logistical nightmare that ensued from a case such as the one against Bank of Valletta.
